• Perform threat modeling to identify all possible attack vectors
• Conduct vulnerability assessment and penetration testing against a wide array
of technologies and platforms, including network, infrastructure, web
applications, mobile apps (iOS and Android), and APIs
• Select the appropriate technical tests, network or vulnerability scan tools
and/or pen testing tools based on review of requirements and purpose
• Conduct relevant research, data analysis, and create reports
• Contribute to predictive analysis of malicious activity
• Understand, review, and interpret vulnerability assessment and scanning
results, reduce false positive findings, and act as a security advisor to the business
• Track publicly and privately released vulnerabilities and assist in the triage
• Perform black box and gray box testing, source code analysis, manual pen
testing, and vulnerability assessments
• Perform hands-on technical validation of vulnerabilities to determine risk to
different configurations and priorities for remediation
• Communicate current cybersecurity threats and educate stakeholders on risks
• Simulate cyberattacks to identify vulnerabilities
• Participate in team problem solving efforts and offer ideas to solve the issues
• Perform static source code vulnerability analysis
• Work with external pen testers to continually improve security on the platform
• Responsible for writing and reviewing formal penetration test reports
documenting the details of a penetration test and all vulnerabilities, potential
issues, and strengths found during the test
• 3+ years of operational experience in Information Technology & Information
• Good written and verbal communication skills in English
• University Degree in Computer Science, Computer Engineering or other
• Certifications such as CEH, Security+, ISO 27K, SANS would be considered as
• Good interpersonal communication and presentation skills.
• Ability to be a team player.
• Ability to work effectively in multiple cultures and at a range of levels.
• Ability to constantly build up skillset using a mix of self-motivated and
course-based learning.
• Ability to work independently and proactively, see the big picture, and work
through solutions as needed.
• Good knowledge of Windows, Linux, databases (MySQL, NoSQL),
antimalware, IDS and other security technologies.
• Basic understanding of virtualization and software-defined data center
• Knowledge of the OSI reference model and networking fundamentals
(switching, routing, load-balancing, firewalling).
• Understanding of commonly used Internet protocols such as SMTP, HTTP, and
• Basic understanding of cryptographic functionality within such protocols
would be of advantage.
• Familiar with Security Regulations and Standards.
• Experience with API testing and Mobile Application testing
• Hands-on experience with two or more scripting languages such as
Python, PowerShell, Bash, or Ruby
• Familiarity with penetration testing tools and tool suites such as Burp Suite,
OWASP ZAP, Kali Linux, etc.
• Proficiency or experience in any one of the following tools would be an added
advantage: Zed Attack Proxy, Micro Focus, Kiuwan, QARK, Android
Debug Bridge, CodifiedSecurity, Drozer, WhiteHat Security
• Ability to demonstrate a clear understanding of the following vulnerabilities,
including SQL Injections, Cross Site Scripting (XSS), Broken Authentication &
Session Management, Insecure Direct Object References, Security
Misconfiguration, Cross-Site Request Forgery (CSRF), Participate in code
• An aptitude for technical writing, including assessment reports and
• Strong understanding of penetration testing frameworks
• Advanced knowledge of mobile application testing techniques, software
protocols and the ability to bypass common mobile application security
• Understanding of offensive security, including offensive evasion techniques
• General knowledge of web applications, databases, mobile, and cloud
• Strong knowledge of Open Web Application Security Project (OWASP) (WEB
• Ability to think outside the box and emulate adversarial approaches